Day 88/100 Hack and Improvement
Day 88 comes with some readings on information disclosure and XSS in hidden inputs.
Hacking companies through help desk
From Rajesh Ranjan. Day 88 comes with a simple bug, which was leaking the sensitive data of the user.
Here is the link for the article
XSS in Hidden Input Fields
From Sam (CoffeeJunkie). XSS in input fields has been something interesting to test about. In this case this research from PortSwigger, this writeup seemed to be pretty interesting where it actually explains the purpose.
accesskey="X" onclick="alert('xss')"
This an example on how it can be used. Full write up here
Leave a comment